From patchwork Wed Jan 17 05:16:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10168499 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 31B1B60386 for ; Wed, 17 Jan 2018 05:16:33 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3996023201 for ; Wed, 17 Jan 2018 05:16:33 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2B181251F4; Wed, 17 Jan 2018 05:16:33 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7E20F23201 for ; Wed, 17 Jan 2018 05:16:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750877AbeAQFQb (ORCPT ); Wed, 17 Jan 2018 00:16:31 -0500 Received: from mail-pl0-f65.google.com ([209.85.160.65]:46729 "EHLO mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750868AbeAQFQa (ORCPT ); Wed, 17 Jan 2018 00:16:30 -0500 Received: by mail-pl0-f65.google.com with SMTP id 66so7959382plc.13 for ; Tue, 16 Jan 2018 21:16:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=wLQ+Q+Dkg3pwRzVB2RgKje8OK/Vaqx8fMzZ5qBDpcCM=; b=IN8el2vGIRiL/hcbU7F7Ky2TLjp6iSWxg6SzCIz5JOR7bRQtuicQD6vlQsJ9Atotz5 bRm11mM3mFK2t0/ulvXAnf8MY37fy2adO6+ybN4+mSlFALP7kTKxGZpYLyaRBIHZ1Zlo BZbyw5+hIznjPSNySks6/Vg0eyQ4wBoNAtcBhT/eHres5D4v2wemEGVodjSBetkepyhd K5f/asvgyiT2Mnb30Wr1KKdxwU51E9UF0X0GiYtlvT+/rRoZHAb2B8EqIMiGbW1qEeBN XPfRrFQJy0w9udvsRpSL1YH9kpfAfNyvuzimDwpdhqTtWtR8PWXFi+5VYhBO4sZRBt29 MUuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=wLQ+Q+Dkg3pwRzVB2RgKje8OK/Vaqx8fMzZ5qBDpcCM=; b=fKoQk0e6MgLK8gxBjeMwZaPy7z4yQSd6ZDnTwKV/4osu2guNy+fZQsHFQbu2x7HYKo a+jnwgU4REIteGPaLMlA+bdbqbz7eGXIGGjI2KGaLUVy1Xb+s8QuYgngQ/iXwuI2RgNv TSaS8qJPZaljjkiGPioJlQ3NiZ4EHYaFN7bH/MbL7qi8J1omRWxvcDfgU+FfPZndSOZV /+9MkJYurrDOxmRI60iH293ceUNNb5KcyC/b9cqWozNESCk21G4wt8PqsP1IOo93/1Kk OwB4f+0KrqiuWjptUX+yARoAlnVlF0iF3Z0BFrd9bxQ6VrZJEMv7oUCXhtV8/2nnI6pv zDOw== X-Gm-Message-State: AKGB3mLnDj77IfceLhqwikApR1qi8ExSYhr1m+PHMNkGYZB15Mbd71G5 e+GXhPINYs2xD7TDyIABJapxWAs3 X-Google-Smtp-Source: ACJfBosvJhchcJw5OAcK7alqS7ZdxFqljJa76mPnUuuG88zxuYXdrWehVf/1Q4dhMzkq3K2pummjPA== X-Received: by 10.84.141.1 with SMTP id 1mr40357827plu.327.1516166190147; Tue, 16 Jan 2018 21:16:30 -0800 (PST) Received: from zzz.localdomain (c-67-185-97-198.hsd1.wa.comcast.net. [67.185.97.198]) by smtp.gmail.com with ESMTPSA id m10sm4868298pge.59.2018.01.16.21.16.28 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 16 Jan 2018 21:16:29 -0800 (PST) Date: Tue, 16 Jan 2018 21:16:27 -0800 From: Eric Biggers To: Paolo Valente Cc: Arnd Bergmann , Ulf Hansson , Linus Walleij , Daniel Lezcano , Mark Brown , Vincent Guittot , John Stultz , Eric Biggers , David Howells , crypto , Thorsten Leemhuis Subject: Re: kernel failure while loading X.509 certificate Message-ID: <20180117051627.GA15527@zzz.localdomain> References: <48DEA233-E708-4661-B5F0-15CEC60877E4@linaro.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <48DEA233-E708-4661-B5F0-15CEC60877E4@linaro.org> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hi Paolo, On Fri, Jan 12, 2018 at 07:06:12AM +0100, Paolo Valente wrote: > > > > Il giorno 11 gen 2018, alle ore 23:37, Arnd Bergmann ha scritto: > > > > On Thu, Jan 11, 2018 at 7:29 PM, Paolo Valente wrote: > >> Hi guys, > >> this is a help request, for a problem that has been driving me crazy > >> all day long, without any success :( > >> > >> I've compiled a 4.15-rc7 custom kernel on a freshly-installed Fedora > >> 27, using the usual "make ; make modules_install ; make install" > >> procedure. No error reported while building. But at boot the > >> kernel immediately fails as follows, apparently while loading/parsing > >> an X.509 certificate: > > > > The BUG_ON() you hit is this one in public_key_verify_signature(): > > > > BUG_ON(!sig->digest); > > > > There was a patch series by Eric Biggers that touched these files to > > add some fixes > > after v4.15-rc1. I'm not runnig that code myself, but it sounds like > > a real regression, > > so I'm adding Eric (to look at the code), the corresponding mailing > > list and Thorsten > > (for regression tracking) to Cc. > > > > x509_cert_parse() allocates the 'cert->sig' structure, and calls > > x509_get_sig_params(), > > which may or may not allocate a digest. It returns with > > cert->unsupported_sig=true > > in case it fails to allocate a digest for some reason (crypto_alloc_shash failed > > or no sig->hash_algo). > > > > The full set of Eric's patches is > > > > 54c1fb39fe04 X.509: fix comparisons of ->pkey_algo > > 18026d866801 KEYS: reject NULL restriction string when type is specified > > 3d1f0255426a security: keys: remove redundant assignment to key_ref > > aa3300362060 X.509: use crypto_shash_digest() > > 72f9a07b6bfa KEYS: be careful with error codes in public_key_verify_signature() > > a80745a6de51 pkcs7: use crypto_shash_digest() > > 7204eb8590c7 pkcs7: fix check for self-signed certificate > > 8ecb506d3476 pkcs7: return correct error code if pkcs7_check_authattrs() fails > > 8dfd2f22d3bf 509: fix printing uninitialized stack memory when OID is empty > > 47e0a208fb9d X.509: fix buffer overflow detection in sprint_oid() > > 0f30cbea005b X.509: reject invalid BIT STRING for subjectPublicKey > > 81a7be2cd69b ASN.1: check for error from ASN1_OP_END__ACT actions > > e0058f3a874e ASN.1: fix out-of-bounds read when parsing indefinite length item > > 4dca6ea1d943 KEYS: add missing permission check for request_key() destination > > a2d8737d5c78 KEYS: remove unnecessary get/put of explicit dest_keyring > > > > and it's based on -rc2. If you want to do a quicker bisection, I'd > > suggest you try > > 4.15-rc2 and 54c1fb39fe04 to start with. > > > > Thank you very much Arnd. Fortunately, for the task I'm performing, a > 4.14 will do too. And I'm under pressure to finally finish this task. > Yet, even before I finish with this task, I'm willing to do any test > that the guys you added may want me to do. And, if more useful for > the community, ok for me to switch to the most appropriate public > mailing lists. > Have you managed to bisect this yet? I'm not seeing how my changes could have caused this, but it does seem there may be an existing bug where this BUG() can be hit if a certificate's signature uses a hash algorithm that is not built into the kernel. To verify whether that is happening can you try adding: If the pr_err() is hit then check the status of the corresponding CONFIG_CRYPTO_ option in your .config, for example CONFIG_CRYPTO_SHA256 if the algorithm is "sha256". Eric diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c index 9338b4558cdc..f1804640445a 100644 --- a/crypto/asymmetric_keys/x509_public_key.c +++ b/crypto/asymmetric_keys/x509_public_key.c @@ -58,6 +58,8 @@ int x509_get_sig_params(struct x509_certificate *cert) tfm = crypto_alloc_shash(sig->hash_algo, 0, 0); if (IS_ERR(tfm)) { if (PTR_ERR(tfm) == -ENOENT) { + pr_err("Hash algorithm %s not supported by crypto API\n", + sig->hash_algo); cert->unsupported_sig = true; return 0; }